⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting

Catch API bugs before your users do

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Throw a tag at it and it comes back with a checksum.

Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure

Automating situational awareness for cloud penetration tests.

NeMo Guardrails is an open-source toolkit for easily adding programmable guardrails to LLM-based conversational systems.

A customizable, open-source ecommerce platform built on WordPress. Build any commerce solution you can imagine.

an open source, extensible AI agent that goes beyond code suggestions - install, execute, edit, and test with any LLM

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

PHP Static Analysis Tool - discover bugs in your code without running it!

Community guide to securing and improving privacy on macOS.

OSS-Fuzz - continuous fuzzing for open source software.

Quickly clone or backup an entire org/users repositories into one directory - Supports GitHub, GitLab, Bitbucket, and more 🐇🥚

📝 Today I Learned

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec, Compliance/Audit Management, Privacy and supporting +100 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PC…

Security automation content in SCAP, Bash, Ansible, and other formats

Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.gg/vv4MH284Hc

Personal AI Infrastructure for upgrading humans.

the LLM vulnerability scanner

Playwright MCP server

Fast and configurable TLS grabber focused on TLS based data collection.

Security Auditor Utility for GraphQL APIs

Project Wycheproof tests crypto libraries against known attacks.

Prowler is the Open Cloud Security for AWS, Azure, GCP, Kubernetes, M365 and more. As agent-less, it helps for continuous monitoring, security assessments & audits, incident response, compliance, h…

The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and clu…

jq for binary formats - tool, language and decoders for working with binary and text formats